Caddy2 Snap Nextcloud on Ubuntu 20.04 w/ Cloudflare Plugin

1. Caddy version (caddy version):

latest stable

2. How I run Caddy:

caddy.service
Caddyfile

a. System environment:

systemd Ubuntu 20.04

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

requests.movies4you.stream {
    encode gzip
    log {
        output file /var/log/ombi_access.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h
        }
    }
    reverse_proxy 127.0.0.1:5000
    tls {
        dns cloudflare API-KEY-HERE
    }
}
accounts.movies4you.stream {
    encode gzip
    log {
        output file /var/log/accounts_access.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h
        }
    }
    reverse_proxy 127.0.0.1:8056
    tls {
        dns cloudflare API-KEY-HERE
    }
}
stream.movies4you.stream {
    encode gzip
    log {
        output file /var/log/jf_access.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h
        }
    }
    reverse_proxy 127.0.0.1:8096
    tls {
        dns cloudflare API-KEY-HERE
    }
}

3. The problem I’m having:

I am having issues understanding how to set up Caddy2 with Nextcloud using the Caddyfile setup with Cloudflare. I already have Jellyfin, Ombi, and JFA-Go running through Cloudflare and Caddy. I want to run my snap install of Nextcloud through Caddy and Cloudflare. I have already basically done the legwork, but I am having a hard time finding resources to explain what exactly needs to be edited to allow the snap Nextcloud to run through Caddy.
I have already run these commands.

sudo ufw allow 444/tcp
sudo ufw allow 81/tcp

I have already allowed 443 and 80 through for other programs currently being reverse proxied by Caddy, i.e. Jellyfin and Ombi.

sudo ufw allow 443/tcp
sudo ufw allow 80/tcp

I had to allow port 444 (HTTPS) and 81 (HTTP) to be read by Nextcloud.

sudo snap set nextcloud ports.http=81 ports.https=444

Then I pasted in my domain, i.e. photos.domain.com, with this example:

sudo nextcloud.occ config:system:set overwritehost --value="photos.techjunkiehosting.com:81"

Next, removed the memory limit (this is 100% optional):

sudo snap set nextcloud php.memory-limit=-1

I have also found these resources below this line. I don't understand what exactly needs to be added to my Caddyfile.
So far this is what I have made for the Nextcloud Caddyfile, but I have not implemented it yet:

photos.techjunkiehosting.com {
    encode gziplog {
        log {
            output file /var/log/nextcloud.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h                
                    }
                }
    reverse_proxy 127.0.0.1:81
    tls {
        dns cloudflare API-KEY-HERE
    }
}

I have also set up the domain to fully work with Cloudflare and Caddy. Basically I just need help setting up the Caddyfile to get it working.
Could anyone give in detail what I have to do to get the snap install of Nextcloud successfully set up with Caddy and Cloudflare?
Thank you ahead of time.

6. Links to relevant resources:

I don’t understand the question. What’s the problem?

I need clarification on how to reverse proxy a snap Nextcloud install for Caddy2. I don't fully understand, other than what I already have given above, if there is anything else I need to add to the Caddyfile. There was very little documentation or explanation on what each of those links listed in sources did and why they were there. Hence I don't understand how this

photos.techjunkiehosting.com {
    encode gziplog {
        log {
            output file /var/log/nextcloud.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 720h                
                    }
                }
    reverse_proxy 127.0.0.1:81
    tls {
        dns cloudflare API-KEY-HERE
    }
}

connects with my Nextcloud snap install.

Like I said, what’s not working? What’s the actual problem? What symptoms are you seeing? Where are your logs?

That's the point, I don't know if this will work at all. Again, very little documentation for Caddy2 and snap Nextcloud. I'm seeking information on what exactly I need to set up my reverse proxy for my snap Nextcloud. I don't know if what I have right now will work, and if it does, can you explain how Caddy connects to Nextcloud? I haven't implemented this yet in my Caddy install; I want to make sure it will work first, or if anything needs to be added.

Why don’t you just try it? I still don’t understand. I’m not going to know if it’ll work any better than you do if you don’t try it!

It isn’t entirely clear what’s wrong besides just requesting our confirmation whether the configuration you’ve drafted is correct. Given that Nextcloud is foreign to us, what we would do is exactly what Francis has asked you to do, which is to try it, test it out, and validate it works. I did just that. Here are my findings:

  • You need to run sudo snap run nextcloud.manual-install <username> <password> with your username and password to create the initial user of Nextcloud.
  • The Nextcloud docs aren't accurate in reporting this command: sudo nextcloud.occ config:system:set overwritehost --value="photos.techjunkiehosting.com:81". If you're placing a reverse-proxy in front of Nextcloud, then the port at the end should be whatever is configured as the hostname in your reverse-proxy config, meaning the command for you will be sudo nextcloud.occ config:system:set overwritehost --value="photos.techjunkiehosting.com"
  • Nextcloud doesn't seem to respect the X-Forwarded-Proto header, so you need to configure Nextcloud to use https in place of http when rendering the hyperlinks on the page. For this, run the command sudo nextcloud.occ config:system:set overwriteprotocol --value="https"

Absolutely reverse these commands! Otherwise you’re allowing external traffic to reach Nextcloud directly, bypassing your reverse-proxy (Caddy).

Now to review your Caddyfile…

The first thing you should run against your config is the command caddy validate --config <path to caddyfile> --adapter caddyfile. Running the command against your config produces this error:

validate: adapting config using caddyfile: parsing caddyfile tokens for 'encode': finding encoder module '': module not registered: http.encoders.gziplog

On close inspection, your Caddyfile seems to have the braces mismatched, and somehow you have gziplog, then the log, reverse_proxy, and tls directives are wrapped inside the encode directive, which already has the improper argument gziplog. Fixing it is done by simply removing log { in line 2. That's it.

Seriously though, the bulk of the work was figuring out Nextcloud, which I had no exposure to before and merely poked at it and tried things out.

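As an added example, not from the thread, from Caddy or from Nextcloud: a small shell pre-flight that catches the brace/encoder mistake in the draft Caddyfile the way caddy validate does, and confirms that the snap's direct ports (81/444, as set above) are no longer allowed through ufw, so nothing can bypass the proxy. The placeholder domain, the $tmp file names and the ufw status lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: two pre-flight checks to run before
# pointing Caddy at the Nextcloud snap. The draft Caddyfile mirrors the one
# quoted above (domain is a placeholder); the `ufw status` lines are constructed.

# Flags unbalanced braces and any `encode` argument that is not a Caddy v2
# encoder (gzip, zstd), so it catches the draft's `encode gziplog {` without
# the caddy binary. `caddy validate` remains the authoritative check.
caddyfile_check() {
    awk 'BEGIN { bad = 0 }
        $1 == "encode" {
            for (i = 2; i <= NF; i++) {
                a = $i; sub(/[{]$/, "", a)
                if (a != "" && a != "gzip" && a != "zstd") { print "line " NR ": unknown encoder " a; bad = 1 }
            }
        }
        { l = $0; sub(/#.*/, "", l)                    # ignore comments
          nopen += gsub(/[{]/, "{", l); nclose += gsub(/[}]/, "}", l) }
        END {
            if (nopen != nclose) { print "braces: " nopen " open vs " nclose " close"; bad = 1 }
            exit bad
        }' "$1"
}

# Succeeds only when the snap's direct ports (81/444 in the thread) are not
# allowed from Anywhere, i.e. clients cannot reach Nextcloud around Caddy.
backend_ports_closed() {
    ! grep -qE '^(81|444)/tcp[[:space:]]+ALLOW[[:space:]]+Anywhere' "$1"
}
tmp=$(mktemp -d)
cat > "$tmp/draft.caddy" <<'EOF'
photos.example.com {
    encode gziplog {
        log {
            output file /var/log/nextcloud.log
        }
    reverse_proxy 127.0.0.1:81
}
EOF
printf '%s\n' 'photos.example.com {' '    encode gzip' \
    '    reverse_proxy 127.0.0.1:81' '}' > "$tmp/fixed.caddy"
printf '%s\n' '81/tcp    ALLOW    Anywhere' '444/tcp   ALLOW    Anywhere' \
    '443/tcp   ALLOW    Anywhere' > "$tmp/ufw_open.txt"
printf '%s\n' '443/tcp   ALLOW    Anywhere' '80/tcp    ALLOW    Anywhere' \
    > "$tmp/ufw_fixed.txt"

caddyfile_check "$tmp/draft.caddy" || echo "draft rejected, as caddy validate would"
caddyfile_check "$tmp/fixed.caddy" && echo "fixed Caddyfile passes"
backend_ports_closed "$tmp/ufw_open.txt" || echo "81/444 open: traffic can bypass Caddy"
```

Run it against your real files with caddyfile_check /etc/caddy/Caddyfile and sudo ufw status > /tmp/ufw.txt; backend_ports_closed /tmp/ufw.txt.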

Give this man a beer :point_up:


Bro!! You're a god. Thank you!!! I've been looking everywhere for this and I posted on a couple of different Reddits but no one went into detail on what or how to fully do this! I want to say thank you for the in-depth explanation and information. I will attempt to implement this tomorrow once I wake up. But thank you!!!


I have Caddy with two productive Nextcloud snaps behind it…

  1. You only have to use Cloudflare DNS if you do not use ports 80/443.
  2. You do not need HTTPS in your Nextcloud (if on the same machine or a trusted LAN).
  3. Please see this suggested addition to your config block for the domain:

your.fqdn.name {
    header {
        Strict-Transport-Security max-age=15552000;
    }
    rewrite /.well-known/carddav /remote.php/dav
    rewrite /.well-known/caldav /remote.php/dav
    rewrite /.well-known/webfinger /public.php?service=webfinger
    reverse_proxy {
        to http://<ip where nextcloud sits>:<http port>
        transport http {
            versions 1.1
            compression off
        }
    }
}

The rewrites are needed for various devices (iPhone, Android, WebDAV clients, …).
Nextcloud produced errors in my log when used with HTTP2.
Do not use compression; it will slow down everything.
Then add your FQDN to trusted_domains, set overwrite.cli.url to your FQDN and overwriteprotocol to 'https', or use occ like @Mohammed90 wrote.
The config file is here:
/var/snap/nextcloud/current/nextcloud/config/config.php


Caddy won’t attempt to use HTTP2 unless you’re connecting over HTTPS, or you specify h2c://. So that should be unnecessary.
